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Introduction 

This  fifth  annual  study  is  the  Defense  Security 
Servicers  (DSS)  primary  counterintelligence 
(Cl)  tool  for  security  professionals.  The  data 
presented  in  this  study  is  based  solely  on 
reports  of  suspicious  foreign  activity  sent  to 
DSS  by  Industrial  Security  Representatives 
and  Special  Agents.  This  information  is 
based  on  information  provided  by  cleared 
defense  companies  and  cleared  employees  that 
experience  foreign  suspicious  activity.  DSS 
believes  that  this  publication  provides  general 
information  and  conclusions  that  help  cleared 
companies  and  DSS  personnel  recognize  and 
report  suspicious  foreign  activity  so  that  DSS 
can  assist  cleared  companies  enact  responsive, 
threat-appropriate,  and  cost-effective  security 
countermeasures  (SCM).  DSS’  proactive  pro¬ 
vision  of  relevant  threat  information  for 
cleared  contractors  should  further  sensitize 
them  to  deter  and  detect  suspicious  foreign 
activity.  Numerous  government  agencies  also 
use  this  summary  of  reported  information  to 
analytically  confirm  or  deny  assessments  of 
technology  targets,  to  identify  suspicious  for¬ 
eign  actors,  and  to  strengthen  and  supplement 
their  investigative  missions. 

Key  Judgments 

Countries  conducting  conventional  and 
nuclear  arms  races  will  seek  U.S.  defense  con¬ 
tractors'  weapons,  sensors  and  countermea¬ 
sures  to  obtain  an  advantage.  Other  foreign 
technology  collection  efforts  will  continue  to 
address  force  modernization,  economic  com¬ 
petition,  and  commercial  modernization,  and 
will  frequently  target  technologies  with  dual- 
use  applications. 

Foreign  collection  activities  will  continue  to 
use  automated  systems  to  generate  e-mail 
requests,  solicitations,  and  website  promoted 


inquiries.  Suspicious  Internet  contacts  will 
continue  while  use  of  the  postal  system  and 
facsimiles  will  continue  to  decrease.  Entities 
in  developing  countries  will  continue  to  mail 
inquiries  and  solicitations  with  postage. 

Foreign  entities  exhibit  frustration  when  effec¬ 
tive  SCM  deny  them  sought  information.  In 

2000,  some  companies  denied  and  ignored 
requests  similar  to  those  foreigners  made  in 
1999,  which  surfaced  at  other  companies 
involved  in  similar  research,  technology  and 
products.  Due  to  the  increased  denial  and 
non-response  by  cleared  defense  industry  to 
foreign  requests  for  information,  foreigners 
will  employ  other  collection  methods  and  tar¬ 
get  different  cleared  facilities.  This  highlights 
the  importance  of  reporting  suspicious  activi¬ 
ty  across  the  nation  and  overseas.  Otherwise, 
DSS  cannot  monitor  foreign  entities,  provide 
warnings,  and  detect  and  neutralize  foreign 
threats. 

Foreign  suspicious  activities  that  were  predi¬ 
cated  by  or  occurred  in  the  conduct  of  a 
Foreign  Military  Sale  (sometimes  U.S. 
funded)  will  continue  and  may  increase  in 

2001. 

The  increase  in  foreign  targeting  of  machinery 
and  fabrication  technologies  noted  in  2000 
will  continue,  perhaps  increasing  in  2001. 
Many  protection  discussions  have  addressed 
the  economic  threat  posed  by  foreigners 
"reverse  engineering"  U.S.  military  products 
and  acquiring  manufacturing  technology. 
(Although  acquisition  of  manufacturing 
machinery  is  a  threat,  the  greater  threat  is 
associated  with  countries  acquiring  other  fab¬ 
rication  technology  and  production  processes.) 

Global  business  environments  will  continue  to 
provide  some  degree  of  cover  for  foreign  gov¬ 
ernment-sponsored  targeting  of  specific  tech- 
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nologies  and  these  suspicious  incidents  at  U.S. 
cleared  facilities  are  assessed  to  increase  in 
2001. 

Executive  Summary 

Country  Trends:  In  2000,  DSS  received 
reports  of  suspicious  activities  concerning 
interests  associated  with  63  countries.  The 
number  of  countries  associated  with  targeting 
cleared  defense  contractors  has  increased 
since  the  start  of  this  report.  In  1997,  37 
countries  were  linked  to  suspicious  activity  as 
compared  with  47  in  1998  and  56  in  1999. 
DSS  associates  this  increase  with  increased 
threat  awareness  by  DSS  field  personnel  and 
cleared  defense  contractors.  These  reports 
indicate  that  the  majority  of  countries  target¬ 
ing  cleared  industry  have  limited  advanced 
military  capabilities  (v.  none)  and  are  seeking 
technological  advancement.  In  some 
instances  coimtries  possess  older  models  and 
are  attempting  to  upgrade  specific  sub-sys¬ 
tems  on  a  given  platform. 

Technology  Interest  Trends:  The  extent  of 
foreign  interest  and  collection  methodology 
employed  against  specific  technologies  varies 
dramatically,  fi*om  a  passive  request  to  sophis¬ 
ticated  collection  activities  using  various 
Methods  of  Operation  (MO).  The  majority  of 
targeted  technologies,  as  well  as  those  associ¬ 
ated  with  Department  of  Defense  (DoD)  pro¬ 
grams  and  weapons  systems,  was  covered  by 
the  International  Traffic  of  Arms  Regulations 
(ITAR).  As  noted  in  1998,  foreign  entities 
continue  targeting  weapon  components,  devel¬ 
oping  technology,  and  technical  information 
more  intensely  than  complete  weapons  sys¬ 
tems  and  military  equipment.  For  the  first 
time  in  five  years,  suspicious  activity  reports 
concerning  critical  technologies  do  not 
include  every  militarily  critical  technology 
category.  Foreigners  targeted  sixteen  technol¬ 


ogy  categories  for  military  and/or  economic 
exploitation.  Directed  Energy  Systems  and 
Weapons  Effects  systems  received  no  report¬ 
ing  from  cleared  DoD  contractors  in  2000. 

Most  Frequently  Reported  Technology 
Targets:  Technologies  generating  most  for¬ 
eign  interest  in  2000  included  information 
systems,  sensors  and  lasers,  aeronautics  sys¬ 
tems,  armaments  and  energetic  materials,  and 
electronics;  in  that  order  of  frequency. 

Most  Frequently  Reported  Foreign 
Collection  Methods  of  Operation  (MO):  MOs 
are  the  techniques  employed  by  a  foreign  enti¬ 
ty  to  collect  intelligence  or  scientific  and  tech¬ 
nical  information  against  a  given  target.  MOs 
associated  with  potential  collection  efforts  in 
2000  are  as  follows,  ranked  in  order  of  fre¬ 
quency  of  occurrence: 

•  Request  for  Scientific  and 
Technological  (S&T)  information. 

•  Soliciting  and  marketing  of  services. 

•  Acquisition  of  U.S.  technology/company. 

•  Inappropriate  conduct  during  foreign 
visits. 

•  International  conventions,  seminars, 
and  exhibits. 

•  Exploitation  of  Internet  (hacking). 

•  Exploitation  of  joint  venture/research. 

Unsolicited  requests  for  information  was  the 
most  frequently  used  collection  method 
employed  by  foreign  interests  in  2000.  While 
foreign  interests  employed  a  variety  of  meth¬ 
ods,  the  methods  are  consistently  similar  to 
those  reported  during  1995-1999.  Foreign 
collection  methods  and  their  frequencies  are 
described  in  page  15.  Enclosed  Appendix 
identifies  suspicious  indicators  and  SCM  that 
may  mitigate  the  potential  threats  associated 
with  these  MOs. 
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Reporting 

DoD  Directive  5240.2  requires  DSS  to  assist 
industry  in  recognizing  and  reporting  suspi¬ 
cious  activity.  Cleared  companies  and  DSS 
responded  well  in  2000,  as  in  previous  years. 
This  active  response  continues  a  trend  of 
increased  awareness  and  reporting.  The  fol¬ 
lowing  criteria  is  used  in  assessing  potential 
foreign  collection  efforts: 

•  Technology  is  classified/export-con- 
trolled. 

•  Information  has  national  defense/mili¬ 
tary  application. 

•  Redundant  requests  from  same  coun¬ 
try  for  each  technology  target. 

•  Identifying  consistent  patterns  across 
government  agencies  reporting  on 
collection  efforts  by  that  country. 

•  Foreign  entity  is  affiliated  with  for¬ 
eign  government  defense  organiza¬ 
tion. 

•  Requesl/offer  is  from  an  embargoed 
country. 

•  Possible  front  company  and  know 
technology  target. 

All  threat  information  is  evaluated  in  the  con¬ 
text  in  which  it  takes  place.  DSS  Cl  evaluates 
the  military  criticality  of  the  requested  infor¬ 
mation,  whether  it  exists  at  the  cleared 
defense  contractor  facility,  association  of  the 
foreign  collection  method  to  those  reportedly 
used  by  foreign  intelligence  services,  history 
of  suspicious  activity  by  the  foreign  entity, 
and  access  of  the  contacted,  cleared  employee 
to  the  requested  information.  Only  then  can 
DSS  Cl  apply  a  value  to  the  threat  informa¬ 
tion  and  then  more  rigorously  analyze  the 
information,  if  warranted.  Foreign  targeting, 
of  interest  to  DSS,  includes  any  classified 
technology,  technology  requiring  an  export 
license,  technology  listed  in  the  International 
Traffic  in  Arms  Regulation  (ITAR)  or  Military 


Critical  Technology  List  (MCTL).  (Only  2% 
of  technologies  targeted  included  recognizable 
classified  technologies.  As  this  is  the  first  year 
identifying  the  classification  of  a  technology. 
DSS  assesses  that  there  will  probably  be  an 
increase  in  detection  of  targeting  classified 
aspects  next  year.) 

MOs  of  interest  to  DSS  include  economic  and 
industrial  espionage  activities  related  to  an 
intelligence,  scientific  or  technical  collection 
operation.  These  activities  normally  involve  a 
complimentary  set  of  actions  that  vary  based 
on  a  nation's  culture,  political  system,  busi¬ 
ness  practices,  and  resources.  These  MOs 
include  but  are  not  limited  to  the  following: 
request  for  information,  violation  of  foreign 
visit  protocol,  exploitation  of  joint  ventures, 
acquisition  of  U.S.  companies  or  technologies, 
hacking,  targeting  cultural  commonalties,  tar¬ 
geting  at  international  conventions,  solicita¬ 
tion  and  marketing  of  services,  exploitation  of 
foreign  employees,  foreign  collection  against 
U.S.  travelers  abroad,  and  targeting  former 
employees. 

Submitted  incident  reports  continue  to  empha¬ 
size  the  importance  of  using  company  Facility 
Security  Officers  (FSOs)  as  the  central  coordi¬ 
nation  point  for  each  cleared  company  and 
each  cleared  employee.  FSOs  ensure  timely 
and  comprehensive  review,  of  reported  inci¬ 
dents,  recognition  of  suspicious  indicators, 
and  reporting  of  suspicious  activity.  Special 
agents  and  industrial  security  representatives 
are  encouraged  and  reminded  to  coordinate 
certain  security  activities  among  themselves 
when  appropriate.  Sometimes  including  the 
FSO  in  these  discussions  can  be  a  security 
force  multiplier. 

Whether  for  investigation  or  analysis,  report¬ 
ing  helps  educate  industry,  security,  and  Cl 
professionals  about  foreign  collection  meth¬ 
ods  employed  against  U.S.  industry.  Thus,  to 
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provide  thorough  research  and  response,  DSS 
Industrial  Security  Representatives  refer  to  12 
information  requirments  listed  in  DSS  ISOM 
section  1-5-302.  Because  the  DSS  Cl  Office 
needs  to  know  some  information  in  the  great¬ 
est  detail  possible,  the  FSO  may  be  able  to 
help  identify: 

•  The  ultimate  target  (imderstandable 
description  of  technology,  system,  or 
research). 

•  Foreign  identity  (name,  affiliation, 
descriptive  features,  previous  contact, 
and  postal  and  electronic  addresses). 

•  Circumstances  of  the  incident  and  back- 
groxmd  information  (e.g.,  "met  at  con¬ 
vention  in  1998,"  "denied  a  visit  in 
1999,"  "prime  ignored  several  requests 
before  foreigner  approached  us  [sub¬ 
contractor]"). 

•  Suspicious  activity  (e.g.,  called  a  few 
times  and  e-mailed  inquiring  about  pro¬ 
gram  or  technology) 

Timely  reporting  of  suspicious  foreign 
activity  enables  DSS  to  evaluate  foreign  col¬ 
lection  activity  immediately,  recommend 
threat-appropriate  SCM,  and  expedite 
referrals  to  U.S.  government  agencies  that 
can  neutralize  and  exploit  foreign  efforts. 

DSS  has  successfully  contributed  to  govern¬ 
ment  intelligence  and  law  enforcement  activi¬ 


ties  that  resulted  in  the  neutralization  of  for¬ 
eign  threats.  In  2000,  local  referrals  of 
exploitable  information  to  government  law 
enforcement  activities  increased  as  did  result¬ 
ant  intragovemmental  success  in  neutralizing 
threats. 

Cleared  company  reporting  also  indicates 
numerous  successes  in  applying  appropriate 
SCM  to  potentially  threatening  situations. 
Based  on  information  provided  to  DSS, 
cleared  companies  refused  tours  to  unautho¬ 
rized  visitors,  did  not  respond  to  suspicious 
foreign  requests  for  information,  asked  for 
(and  received)  additional  information  from 
foreign  entities,  refused  inappropriate  visit 
sponsorship  requests,  used  effective  escorts  to 
control  visiting  delegations,  and  questioned 
foreign  entities  about  the  reason(s)  for  their 
inquiries.  This  professional  handling  of  for¬ 
eign  requests  proved  useful  in  identifying  and 
reporting  inappropriate  foreign  interests. 

Most  successes  closely  align  with  SCM  out¬ 
lined  in  the  DSS  brochure,  "Suspicious 
Indicators  and  Security  Countermeasures  for 
Foreign  Collection  Activities  Directed 
Against  the  U.S.  Defense  Industry."  See 
Appendix  for  updated  version.  The  expansion 
of  indicators  in  this  update  indicates  DSS  and 
cleared  defense  industry  security  awareness 
training  has  been  effective. 
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Country  Section 

Since  1997,  the  number  of  countries  associat¬ 
ed  with  suspicious  activities  has  continued  to 
increase.  The  number  of  countries  that  are 
suspected  of  targeting  U.S.  critical  technology 
is  not  entirely  synonymous  to  those  identified 
in  cleared  contractor  reporting  to  DSS  in 
2000.  Many  countries  exhibit  interest  in  the 
same  technologies.  Newly  identified  coun¬ 


tries,  for  the  most  part,  were  developing 
nations  which  may  be  interested  in  upgrading 
existing  defense  systems  or  developing  a 
countermeasure  that  yields  a  battlespace  or 
warning  advantage.  It  is  possible  that  some  of 
the  newly  identified  countries  were  collecting 
for  other  nations,  whose  own  collection 
efforts  have  failed  or  need  to  be 
supplemented. 


Table  1 


1996 

1997 

1998.. 

1999 

2000 

#  of  countries  with  identified 
collection  invoivement 

44 

37 

47 

56 

63 

Figure  1 

Worldwide  Targeting  Efforts 


I  Eurasia  -  21%  H  Sub-Saharan  Africa  - 1% 
g  Non  Targeting 


The  map  above  denotes  regions  of  the  world  from  where  collection  efforts  report¬ 
edly  originated.  The  percentages  indicate  the  level  of  collection  activity  reported 
in  2000.  The  map  does  not  imply  national  level  support  of  the  collection  activity. 
The  collector  may  have  based  their  operation  in  a  third  country  to  conceal  inten¬ 
tions  such  as  the  ultimate  end-user  of  the  research  or  technology. 
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Figure  2 


Sponsorship 


m  Government  sponsored 


I  Government  affiliated 


|~]  Commercial 


I  Individual 


Technology 

DSS  documents  and  reviews  foreign  interest 
in  critical  U.S.  defense  technology  in  18  cate¬ 
gories.  The  Militarily  Critical  Technology 
List  (MCTL)  is  the  primary  reference  for  DSS 
to  identify  and  describe  militarily  critical  tech¬ 
nologies  and  sub-categories.  The  MCTL, 
especially  Volume  III,  is  a  detailed  and  struc¬ 
tured  compendium  of  the  emerging  technolo¬ 
gies  the  DoD  assessed  to  be  critical  to  main¬ 
taining  superior  United  States  military  capa¬ 
bilities.  The  MCTL  can  be  found  on  the 
Internet  at  www.dtic.mil/mctl.  DSS  employ¬ 
ees  should  reference  these  volumes  to  identify 
technical  or  operational  significance  when 
addressing  a  suspicious  incident. 

A  review  of  suspected  targeting  incidents  in 
2000  has  found,  for  the  first  time  in  five 
years,  that  only  16  of  18  categories  of  critical 
technology  were  reportedly  subjects  of  foreign 
interest  for  military  and  economic  exploita¬ 
tion.  Reports  from  all  previous  years 
involved  at  least  one  report  relevant  to  each  of 
the  MCTL  categories.  Directed  Energy 
Systems  and  Weapons  Effects  systems 


received  no  reporting  from  cleared  DoD  con¬ 
tractors  in  2000.  The  extent  of  foreign  inter¬ 
est  in  the  remaining  technology  categories 
varies  dramatically.  In  some  cases,  nations 
were  associated  with  targeting  all  technology 
categories  while  others  were  only  associated 
with  targeting  a  single  technology. 

Information  Systems  (IS)  was  the  most  widely 
sought  militarily  critical  technology  category 
in  2000,  as  it  was  in  1999.  IS  showed  the 
greatest  targeting  interest  with  33  of  the  63 
coxmtries  associated  with  suspicious  collection 
activity.  Sensors  and  Lasers  was  the  second 
most  targeted  technology  with  24  countries 
involved  in  collection  efforts.  Tied  for  third 
most  widely  sought  technology  was  Marine 
Systems  and  Armament  &  Energetic  Materials 
technology.  Seventeen  countries  were  associ¬ 
ated  with  collection  efforts  targeting  each  of 
these.  The  statistics  discussed  in  this  section 
are  based  solely  on  those  technologies  identi¬ 
fied  in  suspicious  activity  reporting  from 
cleared  contractors. 

Because  of  varied  technology  applications  and 
the  wide  range  of  military  and  economic  for- 
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Technology  Interest  Trends 
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. . .  . - 

Nuclear  systems  technology 

1.5% 

:  .  Ground  systems 

i5%  .  ' 

Information  warfare 

.5% 

\;Pdwer  systems 

eign  interests,  cleared  contractors  are  encour¬ 
aged  to  provide  additional  application  details. 
Identification  of  how  the  foreigner  intends  to 
use  the  U.S.  technology,  such  as  military 
acquisition,  helps  DSS  analysts  determine  for¬ 
eign  trends,  intentions,  actual  targets,  planned 
usage,  and  the  program  or  upgrade  with  which 
the  technology  is,  or  may  be,  associated. 

DSS  believes  that  when  we  identify  all  specif¬ 
ic  technologies  that  have  been  targeted  by  for¬ 
eign  interests,  this  increases  the  threat  aware¬ 
ness  of  cleared  companies,  DSS  agents,  and 
industrial  security  representatives.  On  the  fol¬ 
lowing  pages,  these  specific  technologies  are 
indentified  in  each  militarily  critical  technolo¬ 
gy  category.  DSS  hopes  that  this  increased 
awareness  will  promote  relevant  security  con¬ 
siderations  and  additional  reporting  of  suspi¬ 


cious  incidents  that  may  not  have  been  previ¬ 
ously  noticed.  Because  many  cleared  compa¬ 
nies  are  involved  with  many  technology  areas, 
DSS  values  identifying  the  percentages  of  for¬ 
eign  technology  targeting  efforts.  This  infor¬ 
mation  may  assist  cleared  companies  to  com¬ 
pare  and  contrast  relevant  threat  data  and 
decide  upon  threat-appropriate  security  meas¬ 
ures  and  countermeasures. 

The  majority  of  defense  technologies  targeted 
in  2000  was  components  vice  complete  sys¬ 
tems.  This  trend  has  continued  to  increase 
since  1998  when  DSS  first  noticed  developed 
and  developing  countries  were  upgrading 
existing  platforms.  Most  frequently  reported 
technology  targets  by  MCTL  Category  and 
volume  of  reports  were: 
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Information  Systems  remained  the  most 
sought  militarily  critical  technology  category 
in  2000.  IS  showed  the  greatest  diverse  inter¬ 
est  from  33  of  the  63  countries  associated 
with  suspicious  activity.  IS  are  pervasive  in 
virtually  all  military,  commercial  and  industri¬ 
al  activities,  and  all  levels  of  government. 

This  may  explain  the  100+%  increase  in 
reported  Information  Security  targeting  over 
1999  reporting.  The  greatest  increases  in  for¬ 
eign  targeting  occurred  in  information  securi¬ 
ty,  transmission  systems,  and  software  sys¬ 
tems  sub-categories. 

Information  Security  technologies  are  vital  to 
U.S.  warfighter  capabilities.  Uses  of  IS 
encompass  a  wide  range  of  applications  from 
IS  embedded  in  individual  smart  weapons  and 


sensors,  to  local  processing  and  communica¬ 
tions  systems,  including  transportable  and  per¬ 
sonal  hand-held  devices,  to  international  wide 
area  computer  networks.  Access  to  these 
technologies  by  potential  adversaries  could 
enhance  the  performance  of  foreign  military 
systems  and  could  be  used  to  counter  U.S. 
capabilities. 

Significant  foreign  interest  in  2000  included: 
modeling  and  simulation  technology  (military 
training  systems),  C4I  such  as:  HF,  VHP  mili¬ 
tary  radios,  and  INFOSEC  encryption  devices 
(KG-194,  KG-84  a/c,  KIV-7HS,  KG-81,  KG- 
94),  TEMPEST  equipment,  firewall  and  intru¬ 
sion  detection  teclmology.  Other  reports  con¬ 
cerned  SATCOM  systems  and  signal  process¬ 
ing  components. 


Collection  Incidents  per  Sub-category  per  Year 
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Transmission  systems  saw  the  greatest  increase  in  targeting  in  2000.  Transmission  systems 
include  equipment  and  components  used  for  transfer  of  voice,  data,  record  and  other  information 
by  electromagnetic  means;  through  atmospheric,  exoatmospheric,  or  subsurface  media  or  via 
metallic  or  fiber-optic  cable.  The  information  being  exchanged  is  predominantly  in  digital  form  of 
voice,  text,  graphics,  video  and  databases. 
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Significant  interest  in  acquiring  communications  security  devices  was  noted  due  to  good 
reporting  in  2000,  Several  DoD  contractors  received  requests  to  purchase  encryption 
devices,  one  incorporating  Firefiy  technology  and  the  other  used  for  digital  and  voice  bulk 
encryption.  Other  reports  indicated  foreign  interest  in  the  ”  VINSON  communications  securi^ 
ty  equipment**  and  another  military  communications  security  product. 


Sensors  and  Lasers  remained  the  second 
most  frequently  targeted  defense  technology 
reported  by  cleared  contractors  and  foreign 
targeting  increased  by  2  percent.  There  were 
24  nations  associated  with  targeting  sensor 
and  laser  technologies.  Five  countries 
accounted  for  63  percent  of  these  incident 
reports.  Those  countries  with  superior  sensors 
have  a  significant  advantage  over  an  adver¬ 
sary.  Arms  races  are  excellent  examples  of 
why  countries  seek  early  warning  advantages, 
hence  advanced  sensors,  to  monitor  neighbors 
and  regional  threats.  Though  targeted  sensors 
were  greatly  varied  systems  with  diverse  func¬ 
tions,  their  commonality  is  that  U.S.  state-of- 
the-art  sensors  are  generally  better  than  the 
rest  of  the  world. 


Targeting  in  the  electro-optical  field  tripled. 
Electro-optical  sensors  are  typically  used  for 
night  vision  devices  and  for  terminal  guidance 
for  smart  weapons.  This  equipment  ranges 
from  night  vision  goggles  for  individual  per¬ 
sonnel  to  large  telescopes,  vehicle  driver  sys¬ 
tems  and  weapons  sights.  The  majority  of 
sensor  targets  in  2000  involved  night  vision  . 
These  critical  systems  depend  on  second  and 
third  generation  image  intensifier  technology; 
micro-channel  plate  amplifiers  and  com- 
poimds,  semiconductors,  and  photo-cathode 
tubes. 


In  one  2000  case,  military  representatives  continually  requested  third  generation  imaging 
technology.  Some  countries  define  third-generation  systems  as  those  using  large  two-dimen¬ 
sional  staring  Focal  Plane  Arrays  (FPAs).  At  least  one  foreign  firm  currently  markets  its 
staring  system  under  a  third  generation  label  because  it  uses  a  320X240  InSb  FPA.  In  the 
U.S,  the  definition  of  third-generation  systems  is  still  being  formed.  Third  generation  sys¬ 
tems  are  often  reserved  for  aviators  or  tank  drivers  who  are  moving  at  fast  speeds  and  need 
to  process  information  quickly.  If  exported,  tankers  and  pilots  would  most  likely  Use  reques  t¬ 
ed  night  vision  devices  militarily.  Normally,  ground  units  receive  second  generation  devices. 
In  this  country,  night  vision  devices  observed  being  utilized  by  foreign  military  personnel 
were  in  poor  condition,  NOT  operationally  ready.  DSS  notes  that  dire  needs  contribute  to 
foreign  technology  collection  activity. 
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Other  targeted  technologies  included  under¬ 
water  acoustics,  infrared  (IR)  detectors,  air¬ 
borne  and  ground  radar,  imagery  dissemina¬ 
tion  software,  digital  terrain  data,  IR  imagery, 
optical  night  vision  products,  photonics,  ther¬ 
mal  imaging  camera,  antisubmarine  warfare 
(ASW)  acoustic  detection  systems,  electro¬ 
optic  sensors,  passive  communications  inter¬ 
cept  and  electronic  intercept  receivers.  Laser 
technologies  targeted  in  2000  included  radars, 


range  finders,  pulsed  lasers  and  U.S.  designs. 
Note  comparisons  to  previous  years. 

The  "other”  sensor  category  currently  pertains 
to  passive  communications  and  electronic 
intelligence  receivers  for  land,  air,  and  sea 
employment  and  other  detection  and  surveil¬ 
lance  devices  not  affiliated  with  specified  cat¬ 
egories. 


Collection  Incidents  per  Sub-category  per  Year 


Sensors  and  Laser  Technology 

1997 

1999 

‘2000 

Acoustic 
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4 
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5 
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22 

9 

Imagery 
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5 

13 

8 
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s  4  ; 

Other 

6 

2 

10 

5 
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Aeronautics  Systems  was  the  third  most  fre¬ 
quent  technology  target  while  foreign  target¬ 
ing  efforts  directed  against  it  remained  at  9 
percent  of  total  reporting.  Identified  2000  tar¬ 
gets  included:  EA-6B,  F-15,  U.S.  CH-47,  F- 
22  aircraft.  Unmanned  Aerial  Vehicles 
(UAVs),  and  ALQ-144  airborne  infrared 
countermeasures  set  for  helicopter  surviv¬ 
ability. 


There  were  15  coimtries  associated  with  sus¬ 
picious  activity  directed  against  aeronautic 
technologies.  One  country  accounted  for  4  of 
23  targeting  efforts  associated  with  aeronau¬ 
tics  systems  followed  by  another  country's 
interest  (3  collection  attempts)  targeting  com¬ 
ponents  of  U.S.  special  electronic  mission  air¬ 
craft. 
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Incident:  a  foreign  firm  recently  requested  UAVs  from  a  cleared  DoD  contractor  for  an 
unspecified  foreign  client  (third  country)  that  was  believed  to  be  embargoed.  The  two  coun¬ 
tries,  requestor  and  client,  have  been  negotiating  the  upgrade  of  an  embargoed  nation^s 
UAK  The  embargoed  nation*s  UAV research  and  development  activity  has  been  minimal  to 
non-existent  since  the  mid-1980s  due  to  embargo  constraints,  poor  maintenance,  a  lack  of 
skilled  operators  and  limited  funding.  In  the  past  ten  years,  two  countries  have  offered  the 
embargoed  nation  advanced  UAV  technology  upgrades  to  include  composite  aircraft  materi¬ 
als,  equipment  and  technical  assistance.  The  embargoed  nation  also  sought  upgrades  for 
the  UAV program  from  a  number  of  nations.  The  embargoed  nation^s  UAV  program  may 
continue  and  may  become  more  of  a  threat  to  regional  US,  interests  and  US.  forces. 


UAVs  have  made  greater  strides  over  the  past 
18  months,  in  terms  of  widespread  acceptance 
by  the  user  community.  Unmanned  systems 
are  now  beginning  to  be  seen  as  cost-effective 
and  advanced-technology  alternatives  to 
manned  platforms.  Several  factors  have  con¬ 
tributed  to  this  rapid  development.  UAVs 
were  employed  by  at  least  five  NATO  mem¬ 
ber  countries  during  last  year's  Operation 
Allied  Force  over  Kosovo.  This  provided 
valuable  experience  and  taught  several  impor¬ 
tant  lessons.  UAVs  confirmed  their  value  to 
the  warfighter  for  intelligence,  surveillance 
and  reconnaissance,  and  combat  support 
applications.  They  also  demonstrated  the 
flexibility  required  for  rapid  changes  “on  the 
fly”  to  meet  emerging  needs  beyond  their  tra¬ 
ditional  role,  such  as  working  with  airborne 
forward  air  controllers  in  F- 16s.  This  infor¬ 
mation  is  provided  to  explain  why  foreigners 
who  were  initially  interested  in  manned  air¬ 


craft  may  become  interested  in  UAVs.  This 
change  of  interest,  per  se,  is  not  cause  for  con¬ 
cern.  Export  controls  should  regulate  foreign 
acquisition  attempts. 

Several  suspicious  incidents  occurred  during 
approved  foreign  military  sales.  A  foreign 
aviator  wanted  to  know  the  difference 
between  the  U.S.  F-15  and  the  export  model 
his  government  received.  On  five  separate 
occasions  foreign  Air  Force  officers 
approached  cleared  DoD  contractors  request¬ 
ing  information  regarding  the  differences 
between  the  U.S.  F/A-18D  and  the  version 
their  country  received  as  well  as  the  versions 
that  the  U.S.  provided  to  Spain  and  Singapore. 
Additional  questions  concerned  various  equip¬ 
ment  associated  with  the  F/A-18D  including 
AN/ALQ-126  processor,  AN/ALE-47  coimter- 
measures  dispenser  system,  and  the  AN/ALR- 
67  (V)  advanced  special  receiver. 


Table  5 

Collection  Incidents  per  Sub-category  per  Year 


JSp 

19^ 

2(XK): 

Aircraft,  fixed  wing 

5 

10 

5 

6 

11 

Gas  turbine  engiries 

4 

. 8  . 

' 

Human  (crew  systems)  interface 

6 

1 

5 

0 

1 

'  Helicopters  ,  V  ^ 
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Unmanned  aerial  vehicles 

2 

4 

4 

1 
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Armaments  and  Energetic  Materials 

include  those  required  to  develop  and  pro¬ 
duce  in  quantity  safe,  affordable,  storable, 
and  effective  conventional  munitions  and 
weapons  systems  of  superior  operating  capa¬ 
bility.  These  include  infantry  and  crew  serve 
weapons  systems,  ammunition,  artillery 
weapons  systems,  torpedoes,  depth  charges, 
bombs,  land  and  sea  mines,  demolition 
devices,  high  explosives,  kinetic  energy  and 
pyrotechnic  warheads,  projectiles,  sub-mimi- 
tions,  fiises,  safety  and  arming  devices  and 
other  components. 


Technologies  targeted  in  2000  include  TOW 
missile,  R-77  medium  range  missile,  flame 
spray  gun,  large  caliber  ammunition,  fuse 
technologies,  cruse  missile  technology, 
sidewinder  AIM-9P  missile,  Mark-45,  and 
PAG  3  including  classified  performance 
characteristics  and  safety  systems.  Five 
countries  were  associated  with  the  vast 
majority  of  targeting. 


Table  6 


Collection  Incidents  per  Sub-category  per  Year 
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1 
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Electronics  Foreign  targeting  of  electronics 
technologies  decreased  2  percent  to  8  percent 
in  2000,  moving  it  from  third  to  fifth  place. 
The  majority  of  targets  concerned  defense 
applications  of  dual-use  electronics  such  as 
microwave  components,  wafer  fabrication,  sil¬ 
icon  photodiodes,  high  voltage  systems  for 
night  vision  goggles,  tank  sites,  rifle  scopes, 
and  tempest/hardening  of  equipment. 


An  embargoed  nation  led  foreign  entities  tar¬ 
geting  electronic  technologies,  accoimting  for 
23%  of  reports.  Three  other  countries 
accounted  for  10%  each  of  reports  concerning 
this  technology.  Due  to  the  nature  of  reported 
incidents  it  is  clear  foreigners  were  interested 
in  military  applicable  electronics,  although 
only  9  fit  neatly  into  sub-categories. 


12 


Table  7 

Collection  Incidents  per  Sub-category  per  Year 
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*Many  optoelectronic  targets  in  1997  may  have  concerned  sensors.  Detailed  1998- 
2000  reporting  helped  DSS  identify  optoelectronic  targets  that  were  being  applied  to 
sensors. 


Marine  Systems  remained  (and  now  tied)  in 
fifth  place  accounting  for  6  percent  of  foreign 
targeting.  However,  actual  incidents  declined 
by  3  percent.  Specific  technologies  targeted 
included  submarine  propulsion  systems,  ship 
and  submarine  construction,  swimmer  deliv¬ 
ery  vehicle  (restricted  version),  imderwater 
tracking  systems,  amphibious  assault  ships, 
submarine  masts,  and  driver  propulsion 


vehicles.  Several  targeting  efforts  involved 
the  Navy's  DD-21  Program.  Foreign  interest 
in  U.S.  antisubmarine  warfare  continued  at  the 
same  level  as  1999.  Several  foreign  contacts 
concerned  marine  systems  but  not  specifically 
these  sub-categories.  Other  targets  included 
aircraft  carrier  and  runway  specifications,  port 
data,  and  ship  building  techniques. 


Tables 


Collection  Incidents  per  Sub-category  per  Year 


k  ^  «.  k’rf  . '  ‘  Marine  Systems  * 

mg 

1999 

N/A 

3 

1 

0 

1 

'Signature  control  and  survivability^  ; 

N/A 

1 

2 

2 

;  5,. 

Subsurface  and  deep  submergence 
vehicles 

N/A 

2 

0 

2 

3 

N/A  means  that  no  reports  indicated  these  specific  technoiogies  were  targeted. 
Other  marine  systems  such  as  engines  were  targeted  in  1996. 
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Chemical/Bioiogical  Systems  targeting 
increased  by  1  percent  to  more  than  3  percent, 
moving  it  from  fourteenth  to  sixth  place. 
Chemical  and  biological  systems  address  bio¬ 
processing,  chemical  manufacturing;  chemical 
and  biological  defense  systems;  chemical  and 
biological  detection,  warning,  and  identifica¬ 
tion;  battlefield  environment;  and  human  fac¬ 
tors.  The  majority  of  foreign  requests  in  this 
category  were  for  published  research. 

Manufacturing  and  Fabrication  Collection 
efforts  directed  at  manufacturing  and  fabrica¬ 
tion  technologies  also  increased  by  1  percent 
to  nearly  3  percent,  moving  it  up  to  seventh 
place.  Technologies  covered  under  manufac¬ 
turing  and  fabrication  include  those  required 
for  the  production  of  military  hardware.  In 
most  cases  the  technologies,  the  equipment 
and  the  know-how  are  dual  use.  All  countries 
engaged  in  the  production  of  military 
weapons,  munitions,  and  systems  possess,  to 
some  degree,  technical  know-how  in  this  area. 
Frequently  U.S.  techniques  rather  than  equip¬ 
ment  are  targeted  by  foreign  entities. 

Signature  Control  Signature  control  technol¬ 
ogy  is  critical  to  certain  U.S.  weapons  systems 
because  it  reduces  an  adversary's  ability  to 
detect,  track,  monitor  and  engage  during  com¬ 
bat  operations.  This  technology  may  increase 
the  ability  of  the  U.S.  to  detect  foreign 
weapon  systems  that  have  low  observable  fea¬ 
tures.  Targeting  associated  in  this  area 
decreased  by  1  percent  to  just  under  3  percent. 
One  key  area  of  foreign  interest  (particularly 
for  one  country)  was  stealth  associated  with 
anti-submarine  warfare. 

Power  Systems  Electric  power  drives  sub¬ 
systems  and  systems  in  hxmdreds  of  U.S.  mili¬ 
tary  platforms  and  end-items.  These  various 
applications  dictate  military  requirements  for 
power  level,  power  reliability,  ruggedness, 


packaging  and  ability  to  operate  in  a  variety 
of  environments.  Foreigners  targeted  pulsed 
power  generators  and  flat  cell  technology. 

Guidance,  Navigation  and  Vehicle  Control 

Targeting  associated  with  guidance,  naviga¬ 
tion  and  vehicle  control  decreased  2.5  percent 
in  2000,  moving  it  from  seventh  to  ninth 
place.  Specific  targeted  technologies  included 
global  positioning  system  (GPS)  and  gyro¬ 
scopes. 

Space  Systems  Space  and  space  technologies 
are  vital  for  the  military,  defense,  and  eco¬ 
nomic  security  of  the  United  States.  Space 
technologies  include  platform  electronics  and 
computers,  optronics,  power  and  thermal  man¬ 
agement,  propulsion  systems  for  space  sys¬ 
tems,  and  sensors  for  space  systems. 
Technologies  targeted  in  2000  included  soft¬ 
ware  associated  with  satellite  operations, 
satellite  brackets,  and  sensors  and  electronic 
modules. 

One  suspicious  incident  involved  a  foreign 
engineer  from  an  embargoed  "Research 
Organization  for  Science  and  Technology's 
Mechanical  Engineering  Department"  request¬ 
ing  hardware  equipment  for  small  satellites. 

He  stated  that  he  was  building  a  satellite  for 
the  purpose  of  conducting  research.  However, 
satellites  are  usually  operational  before  they 
can  conduct  research. 

Materials  Many  classes  of  materials  inher¬ 
ently  have  both  military  and  commercial 
application.  Critical  materials  provide  specif¬ 
ic  military  advantages  and  cover  the  physical 
properties,  mechanical  properties,  behavior, 
and  processing  required  to  achieve  that  advan¬ 
tage.  Technologies  targeted  in  2000  included 
abrasive  media,  casting  processes,  high  mod¬ 
ule  carbon  fibers,  and  ceramic  technologies. 
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Nuclear  Power  Systems  critical  components 
include  technologies  for  processing  man-made 
fissile  materials,  for  processing  and  handling 
highly  radioactive  and  corrosive  materials,  for 
producing  plutonium  and  tritium  reactors,  and 
for  producing  and  assembling  nuclear 
weapons  components.  Targets  in  2000  includ¬ 
ed  ion-implanted/surface  barrier,  fabrication 
and  manufacturing  techniques. 

Ground  Systems  address  technologies, 
excluding  weapons  systems,  associated  with 
combat  vehicles  that  enable  these  systems  to 
be  superior  to  opposing  systems  in  combat. 
Despite  the  high  percentage  of  dual-use  tech¬ 


nologies  applied  to  military  air,  ground  and 
sea  vehicles,  imique  physical  and  operational 
capabilities  are  often  required.  Targets  in  2000 
included  robotic  vehicles,  tank  systems  fuel 
components  and  armored  vehicle  track 
designs. 

Information  Warfare  is  defined  as  actions 
taken  to  achieve  information  superiority  by 
affecting  adversary’s  information,  information 
based  processes,  and  computer  based  net¬ 
works  while  defending  one’s  own  information. 
Technologies  targeted  in  2000  include  pin 
diode  switches  (used  in  communication  jam¬ 
mers),  and  command  and  control  warfare 
technology. 


Foreign  Collection  Methods  of  Operation 

Statistical  accuracy  on  foreign  collection 
methods  of  operation  (MO)  has  improved  in 
2000  due  to  more  detailed  reporting  from 
cleared  defense  industry. 


Table  9 


Request  for  information 

41% 

'  ,  Solicitation  and  marketing  of^ervices 

18% 

Acquisition  of  technology  and  companies 

13% 

Foreign  visits  to  U.S.  FaciiititeSj. 

International  conventions/exhibits 

4.5% 

Internet  activi^  (hacidng) 

4% 

Exploitation  of  joint  ventures  i 

4% 

•  ‘Foreign  collection  V.  overseas  travelers' 

.^4% 

Targeting  cultural  commonalities 

1% 

*Foreign  collection  missions  directed  against  U.S.  persons  traveling  outside  of  the  U.S. 
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Suspicious  Foreign  Requests  for 
Information  (RFI).  Incidents  involving  RFI 
continue  to  be  the  most  frequently  reported 
MO;  accounting  for  41  percent  of  the  total 
activity  recorded  in  2000.  This  represents  a  4 
percent  decrease  from  1999.  Included  in  this 
category  is  any  request  not  sought,  or  encour¬ 
aged  by  the  cleared  company,  which  is 
received  from  a  known  or  unknown  source 
(usually  foreign),  which  concerns  classified, 
sensitive,  or  export  controlled  information. 

The  information  targeted  in  2000  included 
classified,  sensitive  but  unclassified  (which 
frequently  is  company  proprietary  products, 
information,  software  and  processes),  and 
export-controlled  information.  Requests  orig¬ 
inated  from  foreign  government  organizations, 
government-sponsored  or  affiliated  organiza¬ 
tions  (laboratories  and  institutes),  foreign 
commercial  activities,  and  foreign  individuals. 
While  the  recipient  may  not  directly  solicit  the 
request,  the  inquiry  may  actually  have  been 
indirectly  solicited.  An  example  of  an 
unwanted,  but  indirectly  solicited  request  is  an 
incident  where  a  cleared  defense  contractor's 
product  was  reviewed  in  a  trade  journal  and 
the  company  subsequently  received  a  number 
of  suspicious,  but  "solicited,”  reader-service 
card  inquiries  from  an  embargoed  country. 

Between  1998  and  2000,  DSS  saw  an  increase 
in  the  reporting  of  requests  for  information 
from  countries  that  do  not  normally  conduct 
business  with  the  U.S.  such  as  embargoed 
coimtries.  These  requests  accounted  for  50% 
of  all  foreign  attempts  to  collect  International 
Traffic  in  Arms  Regulated  (ITAR)  information 
and  technology.  A  commonality  in  the  vast 
majority  of  these  suspicious  contacts,  was  that 
the  request  was  for  informational  exchanges 
requiring  an  export  license  in  accordance  with 
the  ITAR.  RFI  received  from  countries  with 
highly  restrictive  political,  social  and  business 
environments  still  favor  the  use  of  the  postal 
system.  This  does  not  imply  that  only  embar¬ 


goed  or  restricted  countries  rely  on  traditional 
written  correspondence.  In  fact,  ironically, 
the  majority  of  suspicious  letters  originated 
from  coimtries  with  developed  electronic  con¬ 
nectivity  to  the  U.S. 

From  1997  to  1999,  DSS  reported  an  increase 
in  the  use  of  the  "thesis  or  scholarly  request" 
strategy.  This  trend  remained  constant  in 
2000  reporting.  The  thesis  request  usually 
targets  a  specific  individual  at  a  cleared  facili¬ 
ty.  The  "student"  will  state  he/she  is  working 
on  a  thesis,  likely  in  a  field  indirectly  related 
to  a  protected  U.S.  technology.  The  student 
then  states  that  he/she  located  the  U.S. 
employee's  name  while  conducting  initial 
research.  The  student  will  ask  for  whatever 
assistance  the  cleared  employee  can  provide, 
including  articles.  The  information  requested, 
including  copies  of  technical  articles,  might 
provide  new  information  confirming  existing 
assumptions  about  U.S.  technology  and  serve 
as  a  means  to  identify  targets  for  exploitation. 

One  such  student  from  Europe  requested 
"integrated  logistics  support"  software  tech¬ 
nology,  which  just  happened  to  be  classified 
information.  The  cleared  facility  was  working 
on  technical  and  specialty  engineering  pro¬ 
grams  at  the  time.  Another  frequently  used 
tactic  is  the  "model  builder".  The  model 
builder  asks  for  specifications,  which  most 
likely  would  not  affect  the  design  of  any 
model  such  as  cockpit  or  turbine  engine 
specifications. 

An  increasing  trend  observed  in  1999  and 
again  in  2000  concerns  suspicious  requests 
from  foreign  universities  and  research  insti¬ 
tutes.  A  majority  of  these  entities  are  state 
funded  and  are  heavily  involved  in  military 
applicable  technologies.  Representatives  of 
the  research  centers  attempt  to  collect  infor¬ 
mation  on  foreign  technology  through  the  use 
of  technology  exchanges  and  discussions  with 
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experts.  These  collection  operations  involve 
identifying  and  contacting  experts  in  various 
fields  of  interest  and  forming  greater  coopera¬ 
tion  with  U.S.  defense  contractors  and  mili¬ 
tary  Research,  Development,  Test,  and 
Engineering  (RDT&E)  facilities.  Some  e- 
mails  of  this  type  were  received  by  cleared 
employees  and  foreigners*  e-mail  addresses 
could  in  no  way  be  associated  with  the  insti¬ 
tute  or  university.  One  used  hotmail  and 
maintained  anonymity  until  the  cleared 
employee  inquired,  "Who  do  you  work  for 
and  what  will  you  use  this  [technology]  for?" 
Often  at  this  point,  as  in  this  case,  foreigners 
provide  enough  details  for  the  company  to 
know  whether  to  proceed  with  discussions. 
Cleared  companies  have  expedited  this  type  of 
information  to  DSS  several  times  which  led  to 
a  number  of  arrests  by  other  U.S.  government 
agencies. 

Since  1998,  the  Internet  continues  to  be  a  sig¬ 
nificant  source  of  foreign  collection  of  U.S. 
DoD  technologies.  The  use  of  the  Internet  as 
a  collection  tool  used  by  foreign  entities  to 
collect  U.S.  technology  and  technical  informa¬ 
tion  accounted  for  27  %  of  all  suspicious  con¬ 
tact  reports  made  to  the  DSS  by  cleared 
defense  industry.  This  percentage  reflects  the 
growing  role  of  the  Internet  in  conducting 
business.  A  wealth  of  once  protected  techni¬ 
cal  and  proprietary  information  is  now  easily 
retrievable  by  individuals  from  around  the 
world.  For  example,  a  cleared  defense  con¬ 
tractor  was  surprised  when  he  received  an  e- 
mailed  RFI  regarding  his  company's  mapping 
software  from  an  embargoed  foreign  compa¬ 
ny.  The  contractor's  e-mail  address  was  listed 
as  a  point  of  contact  on  the  small  company's 
web  site  which  also  highlighted  the  company's 
technological  advances  in  mapping  software. 

There  continues  to  be  a  sharp  increase  in  the 


use  of  the  Internet  by  foreign  entities  as  a  tool 
to  identify  potential  targets  and  to  facilitate 
the  actual  collection  of  information.  The 
Internet  provides  a  simple,  low-cost,  non¬ 
threatening,  risk-free  means  of  worldwide 
access  to  U.S.  defense  technology.  E-mail 
and  WEB-chat  exchanges  are  inconspicuous 
and  can  bypass  many  traditional  security  safe¬ 
guards,  directly  reaching  the  targeted  individ¬ 
ual.  Requests  over  the  Internet  continue  to 
accoimt  for  almost  half  of  the  total  Internet 
reporting.  Cleared  contractors  who  most 
often  report  Internet  based  requests  have 
active  monitoring  solutions  in  place  to  protect 
their  unclassified  web  sites.  These  contractors 
regularly  incorporate  security  with  their  web 
site  design  and  advertising. 

DSS  attempts  to  determine  whether  cleared 
defense  web-based  advertising  predicates  for¬ 
eign  suspicious  requests.  When  a  suspicious 
report  is  made  to  DSS,  our  industrial  security 
representatives  and  special  agents  ask  the 
cleared  defense  company  if  they  believe  their 
web-based  advertising  caused  the  foreign  con¬ 
tact  or  request  and  why  they  think  the  request 
is  suspicious.  Indicators  that  make  requests 
suspicious  are:  the  cleared  defense  company 
does  not  normally  conduct  business  with  the 
foreign  sender,  the  request  originates  from  an 
embargoed  country,  the  request  is  in  fact 
xmsolicited  or  unwarranted,  it  appears  the 
requestor  is  utilizing  a  third  coimtry  return 
address,  the  requestor  makes  claims  he/she  is 
representing  an  official  government  agency 
but  has  gone  outside  of  channels  to  make  the 
request,  the  initial  request  is  directed  at  an 
employee  who  does  not  know  the  sender  and 
is  not  in  the  sales  or  marketing  office,  the 
sender  appears  to  be  fishing  for  information, 
the  requestor  represents  a  third  party  who  is 
not  identified,  the  requestor  is  located  in  a 
country  with  a  targeting  history  directed  at 
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U.S.  cleared  defense  industry,  or  the  sender 
appears  to  be  avoiding  controls  or  circumvent¬ 
ing  established  procedures,  such  as  avoiding 
export  license  application. 

In  many  circumstances,  when  foreign  individ¬ 
uals  attempt  to  skirt  controls,  they  will  mask 
their  true  intentions  and  e-mail  several  similar 
requests  for  information.  These  requests  are 
usually  innocuous  and  not  threatening.  The 
reason  for  this  is  foreigners  are  trying  to  mask 
their  collection  activity.  Their  goal  is  to 
establish  credibility  in  order  to  obtain  more 


sensitive  and  sometime  classified  information. 
For  example,  over  a  period  of  ten  days  a  U.S. 
cleared  defense  company  received  three  for¬ 
eign  e-mailed  requests  asking  the  company  to 
provide  its  software  development  product  to 
the  foreign  sender.  The  foreign  sender  was 
the  same  in  each  case  but  the  sender  used 
multiple  e-mail  addresses. 

Foreign  scientists  and  engineers  have  initiated 
contact  with  U.S.  companies/employees  from 
each  type  of  establishment  listed  below. 


Table  10 


Aircraft  Design  &  Research  Institute 

University"  >  “  ■■:7V':;’  ''  '  ^ 

Technical  Institute 

Academic  University  .  ?  , 

Institute  of  Chemical  Physics 

‘  •  *  Universityof  Science  and  Tedtnology '  7; :!  V ’ 

Institute  of  Physics 

"V.lnstftute-ofNuclear Technology-';  • 

Polytechnic  University 

Institute  ’  ;  .yv;....;/-  ''' 

institutes  of  Advanced  Electricai  and  Eiectronic  Engineering 

■';,':f"'*‘''':'"'Tihstitute  of  Aircraft  Maintenance  .■ 

University  Physics  Department 

Elec^techriciipgy  Ftesearch  Institute 

Military  University 

■-  ..Tecjhnical  Uni\«r^V:;i§';7jft:K'';:??p^^ 

Institute  of  Semiconductor  Physics 
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Solicitation  and  Marketing  of  Foreign 
Services  moved  into  second  place  on  our  list 
of  most  frequently  used  foreign  collection 
methods.  Solicitation  and  marketing  of  serv¬ 
ices  was  the  third  most  frequently  reported  in 
1999,  moving  up  from  fourth  place  in  1998. 
Consistent  with  past  reporting;  individuals, 
companies  and  research  facilities  offer  their 
technical  and  business  services  to  U.S. 
research  facilities,  academic  institutions  and 
the  cleared  defense  industry  in  2000.  These 
foreign  entities  also  ask  to  represent  the 
cleared  company's  product  line  in  their  coim- 
try  or  regional  area.  As  in  1999,  many  of 
these  solicitations  concerned  provision  of 
foreign  software  services. 


One  very  popular  approach  to  cleared  defense 
industry  is  the  "foreign  scientist"  seeking 
employment.  Companies  receiving  such 
solicitations  for  jobs  include  facilities  working 
on:  nuclear  engineering,  electro-optics,  ballis¬ 
tics,  astrophysics,  and  materials.  Other 
approaches  include  software  support,  intern¬ 
ships,  invitation  to  ambassadorial  programs 
and  offers  to  act  as  sales  or  purchasing  agent. 
Of  growing  concern  is  the  use  of  foreign 
research  facilities  and  software  development 
companies  located  outside  the  U.S.  working 
on  commercial  projects  related  to  protected 
programs.  Anytime  a  U.S.  cleared  facility 
relinquishes  direct  control  of  its  processes  or 
product  to  someone  else,  they  are  exposing 
technology  to  possible  exploitation. 


In  July  2000,  a  U.S,  cleared  defense  contractor  decided  to  purchase  a  phone  system  and 
solicited  bids  including  foreign  bids.  Due  to  prior  training  and  liaison  conducted  between 
the  company's  FSO  and  DSS*  Industrial  Security  Representative,  the  U.S.  company 
requested  threat  information  concerning  foreign  bidders.  Working  with  his  DSS  Field  Cl 
Specialist  both  realized  immediately  the  threat  to  the  U.S.  entity.  The  U.S.  entity,  among 
other  things,  works  on  a  contract  for  the  Marine  Corps  related  to  its  theater  level  ballistic 
ndssUes.  Based  on  the  information  provided  by  the  U.S.  entity,  the  leading  foreign  bid 
came  from  a  foreign  entity  which  accounted for  at  least  four  suspicious  contact  reports 
submitted  by  cleared  defense  industry  to  DSS-CL  In  each  report  the  same  technology  was 
targeted  at  U.S.  cleared  defense  facilities  —  information  systems.  Also,  the  leading  foreign 
bidder  was  the  subject  of  many  reports  within  the  intelligence  community.  Both  DSS 
employees,  relying  on  historical  knowledge  of  the  U.S.  entity  and  the  foreign  threat  to  U.S. 
cleared  facility,  provided  a  threat  appropriate  response  to  the  U.S.  entity.  The  response 
included  a  threat  assessment  produced  by  a  US.  military  production  center  and  directly 
addressed  the  threat  inherent  in  the  foreign  bid  to  provide  vendor  services  to  the  U.S.  com¬ 
pany.  The  document  allowed  the  U.S.  company  to  mitigate  risks  they  did  not  want  to  incur 
while  trying  to  protect  classified  and  Marine  Corps  information  by  assessing  risks  posed 
by  the  leading  foreign  bid,  or  any  foreign  vendor.  The  U.S.  company  selected  a  U.S.  con¬ 
tract  at  a  higher  cost.  Ultimately,  DSS  saved  a  company's  proprietary  information  and 
quite  possibly  Marine  Corps  technology  from  foreign  exploitation. 
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Acquisition  of  Sensitive  Defense  Technology 
or  Cleared  Company  Acquisition  was  the 
third  most  often  used  MO  reported  in  2000, 
up  from  fourth  position  in  1999.  This  is  only 
the  latest  manifestation  of  an  increasing  trend 
to  acquire  sensitive  technologies  through  pur¬ 
chase.  Acquisition  attempts  accounted  for 
88  %  of  reported  suspicious  incidents  believed 
to  involve  a  third  party.  Third  party  involve¬ 
ment  indicates  possible  technology  transfer  or 
diversion.  Third  parties  are  not  the  actual 
entity  acquiring  the  technology  but  are  the  end 
user  or  ultimate  recipient.  Reports  involving 
third  parties  include  either  a  country  with  a 
history  of  third  party  sales  or  a  country  used 
by  other,  often  embargoed,  foreign  countries 
as  a  venue  for  purchase  and  collection. 
Statistics  show  no  clear  distinction  between 
U.S.  defense  technology  requested  for  pur¬ 
chase  by  developed  and  developing  countries. 

Developing  coxmtries  continue  to  consider, 
and  seek  purchase  of,  older  U.S.  military  tech¬ 
nologies  for  varied  reasons:  older  technology 
may  not  require  a  license,  older  equipment 
may  be  best  incorporated  into  existing  logis¬ 
tics  and  maintenance  systems,  old  technology 
best  suits  critical  shortages  for  a  country  at 
war,  or  a  country  cannot  incorporate  and 
maintain  new  technology  because  its  industri¬ 
al  base  is  inferior  to  U.S.  level  of  technology 
sophistication.  The  purchase  of  U.S.  products 
in  small  quantities  may  indicate  reverse-engi¬ 
neering  efforts  that  may  help  countries  deter¬ 
mine  whether  their  industrial/manufacturing 
systems  can  produce  domestic  models/copies. 

In  2000,  sanctioned  nations  involved  in  border 
and  landhold  conflicts  increased  their  attempts 
to  acquire  sensitive  defense  technologies,  pri¬ 
marily  sensors.  Several  resultant  law  enforce¬ 
ment  actions  were  attributed  to  DSS  reporting 
of  these  incidents. 

The  majority  of  foreign  purchase  attempts  in 


2000  concerned  TEMPEST  equipment  and 
encryption  devices  including  the  KIV-7HS, 
which  are  export  controlled.  Other  requests 
include  a  wide  range  of  technologies  and  sys¬ 
tems  such  as:  HE  ocean  surface  radar,  strip 
detectors  for  x-ray  radiation,  long  range  laser 
finders,  microwave  control  systems  and  accel¬ 
eration  sensors.  Some  technologies  may  be 
sought  with  the  stated  intent  for  civilian  use 
such  as  infrared  (IR)  lenses,  but  may  have 
applications  in  larger  ITAR  controlled  systems 
including  focal  plane  array  technologies, 
which  are  used  in  sensors  and  laser  guided 
munitions.  Some  defense  articles  require 
more  than  a  general  export  license  for  sale  to 
a  foreign  country.  The  uses  of  freight  for¬ 
warders  and  "cooperative  U.S.  based  compa¬ 
nies"  have  been  suggested  by  foreigners  and 
may  be  employed  because  they  give  a  foreign 
entity  a  U.S.  address.  The  U.S.  company  is 
compromised  because  the  final  destination  is 
not  the  U.S.  but  a  location  outside  the  U.S. 

Exploitation  of  Visits  to  U.S.  Companies 
Reports  concerning  suspected  exploitation  of 
foreign  visits  at  U.S.  facilities  was  fourth  in 
frequency  of  reporting.  The  term  "foreign 
visitor"  includes  one  time  visits,  long  term 
visitors  (such  as  exchange  employees,  official 
government  representatives  and  students) 
and/or  frequent  visitors  (such  as  foreign  sales 
representatives).  Suspicious  conduct  includes 
actions  before,  during  and  after  a  visit.  The 
one  factor  which  made  many  foreign  visits 
suspicious  was  the  extent  to  which  the  foreign 
visitor  requested  access  to  facilities  or  tried  to 
discuss  information  outside  the  scope  of 
approved  activities  or  established  procedures. 

In  several  incidents  in  2000,  foreign  visitors 
ignored  Technology  Control  Plans  (TCPs).  A 
TCP  stipulates  how  a  company  will  protect  its 
technology.  The  plan  establishes  procedures 
to  protect  classified,  proprietary,  and  export- 
controlled  information,  to  control  foreign  visi- 
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tor  access,  and  to  control  access  by  non-U.S. 
employees.  In  one  example,  a  group  of  senior 
foreign  executives  arrived  at  a  scheduled 
briefing  in  a  cleared  facility  and  made  a  for¬ 
mal  request  for  the  meeting  to  be  held  at 
another  facility  nearby.  The  nearby  facility 
was  the  facility  containing  the  classified  proj¬ 
ect.  Suspicious  indicators  associated  with 
foreign  exploitation  of  visits  to  U.S.  facilities 
traditionally  include: 

•  Behaving  inappropriately  during  a  visit: 
Wandering  around  the  facility  unescort¬ 
ed,  bringing  unauthorized  cameras 
and/or  recording  devices  into  the  cleared 
facility,  or  pressing  for  additional  access 
or  information  and  becoming  irate  upon 
denial.  In  one  case,  a  foreign  visitor 
excused  himself  from  a  conference  stat¬ 
ing  he  needed  to  get  his  briefcase  in  the 
sponsor's  office.  Later  he  was  foimd  in 
the  sponsor's  office  speaking  on  a  tele¬ 
phone  in  a  foreign  language.  He  quickly 
ended  the  conversation  when 
approached. 

•  Adding  last  minute  and/or  unaimounced 
persons  as  part  of  the  group. 

•  Making  numerous  requests  for  visits, 
despite  repeated  denials. 

•  Brokering  a  visit.  A  brokered  visit  is 
when  a  third  party,  who  is  not  involved 
in  the  actual  business  transactions,  acts 
on  behalf  of  the  prospective  visitor  to 
arrange  for  an  invitation  to  be  extended 
to  the  foreigner.  Brokered  visits  become 
suspicious  when  the  third  party  bypasses 
established  foreign  visit  request  proce¬ 
dures  by  going  directly  to  a  company 
employee  to  solicit  an  invitation  for  the 
visit.  Brokers  often  cloak  their  clients' 
employer  until  queried  by  the  U.S.  com- 
pany. 


•  Arriving  unannounced  and  seeking 
access  by  asking  to  see  an  employee  who 
may  belong  to  the  same  business  organi¬ 
zation  or  who  had  attended  the  same 
business  gathering  as  the  foreign 
national. 

•  Hiding  true  agenda  such  as  trying  to 
shift  the  conversation  to  topics  not 
agreed  upon. 

•  Misrepresenting  a  visitor's  importance  or 
technical  competence  to  secure  visit 
approval. 

Targeting  at  Conventions  moved  up  to  fifth 
place  in  frequency  of  use  by  foreign  entities. 
Conventions  continue  to  provide  a  "target 
rich"  environment  for  foreign  intelligence  col¬ 
lection  as  they  directly  link  U.S.  programs  and 
technologies  with  knowledgeable  personnel. 
International  exhibits  provide  a  unique  oppor¬ 
tunity  for  foreign  entities  to  study,  compare, 
and  photograph  actual  products  in  one  loca¬ 
tion.  Some  technologies  targeted  at  conven¬ 
tions  include  laser  optics,  obscuration  smoke 
systems,  submarine  and  ASW  specifications, 
PAC  3  safety  systems,  and  air  defense  tech¬ 
nologies. 

International  seminar  audiences  are  often 
comprised  of  leading  national  scientists  and 
technical  experts,  who  pose  more  of  an 
exploitation  threat  than  intelligence  officers 
because  the  scientist's/engineer's  level  of 
technical  imderstanding  and  ability  can  readily 
exploit  U.S.  technology  and  information  for 
their  nation's  advancement.  Foreign  technical 
experts  focus  questions  and  request  specific 
technical  data  that  directly  applies  to  their 
work.  Reports  show  that  during  seminars, 
foreign  entities  attempt  subtle  approaches 
such  as  sitting  next  to  a  potential  target  and 
initiating  casual  conversation.  This  can  estab¬ 
lish  a  point  of  contact  that  may  later  be  sub- 
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jected  to  exploitation.  Membership  lists  of 
international  business  and/or  technical  soci¬ 
eties  are  increasingly  used  to  identify  potential 
U.S.  targets  for  introduction.  Because  the 
threat  is  designed  to  exploit  the  cleared 
defense  employee,  the  approach  will  most 
likely  be  very  subtle  and  unrecognizable. 

Most  likely,  the  targeting  will  be  directed  at 
U.S.  persons  with  cultural  commonalties  such 
as  origin  of  birth,  religion  or  language. 

Internet  Activity  (hacking) 

Targeting  associated  with  exploitation  of  the 
Internet  (hacking)  fell  back  to  6th  place. 
(NOTE:  This  category  is  not  related  to  the 
Internet-based  requests.  Because  DSS  does 
not  analyze  or  forensically  investigate  these 
incidents,  our  statistics  may  be  limited  to  ini¬ 
tiative  reporting  by  companies  not  referring 
these  matters  to  the  FBI,  When  received,  DSS 
forwards  these  reports,  sometimes  with  ana¬ 
lytical  assessments  or  conclusions,  to  the 
FBTs  National  Infrastructure  Protection 
Center.) 

The  majority  of  foreign  Internet  activity  was 
probing  efforts.  The  computer  probes  are 
most  likely  searching  for  potential  weaknesses 
in  systems  for  exploitation.  In  one  example,  a 
network  attack  originated  from  Europe.  The 
attack  lasted  over  a  period  of  a  day.  Several 
hundred  attempts  were  made  to  use  multiple 
passwords  to  illegally  obtain  access  to  a 
cleared  facility’s  network.  All  attempts  were 
logged  by  the  firewall  monitoring  software 
and  no  malicious  activity  was  encountered. 
The  facility  had  the  appropriate  level  of  pro¬ 
tection  in  place  to  repel  such  an  attack.  By 
detecting  probes,  the  cleared  companies 
demonstrated  they  have  the  SCM  in  place  to 
thwart  attempts  to  penetrate  their  computer 
systems.  Although  probing  a  system  is  legal, 
once  a  port  is  breached  a  crime  is  committed. 


Exploitation  of  Joint  Venture/Research 

dropped  into  a  tie  for  6th  place  in  frequency 
of  reporting.  This  MO  offers  significant  col¬ 
lection  opportunities  for  foreign  interests,  as 
well  as  venues  for  expanding  their  industrial 
base  or  production  capability  without  having 
to  pay  for  the  research  and  development. 

Joint  venture  reporting  may  have  dropped  off 
due  to  reporting  inconsistencies.  For  exam¬ 
ple,  some  facilities  may  have  reported  a  for¬ 
eign  visit  instead  of  the  joint  venture,  which 
may  have  predicated  the  foreign  visit.  DSS 
tries  to  differentiate  between  joint  ventures, 
which  are  also  known  as  international  pro¬ 
grams  and  cooperative  agreements,  from  non- 
assoeiated  visits.  Cleared  companies  can  help 
DSS  recognize  this  difference  by  informing 
representatives  during  security  discussions. 

As  with  frequent  foreign  visits  and  other  inter¬ 
national  programs,  joint  ventures  place  for¬ 
eign  personnel  in  close  proximity  to  U.S.  per¬ 
sonnel  and  technology  and  can  facilitate 
access  to  protected  programs.  Also  of  con¬ 
cern  is  the  placement  of  foreign  workers  in 
close  proximity  to  protected  operations.  Once 
a  foreign  employee  is  in  place  for  a  long  time, 
that  foreign  employee  tends  to  assimilate  into 
the  standard  workplace  image,  be  more 
accepted  and,  therefore,  security  considera¬ 
tions  become  a  lower  priority. 

Indicators  of  suspicious  activity  in  a  joint 
research/venture  include:  the  foreign  worker 
seeking  access  to  areas  and  information  out¬ 
side  the  purview  of  the  work  agreement, 
enticing  U.S.  contractors  to  provide  large 
quantities  of  technical  data  as  part  of  the  bid¬ 
ding  process,  and  the  foreign  organization 
sending  more  foreign  representatives  than  rea¬ 
sonably  necessary  for  the  project.  Some  tar¬ 
geting  of  joint  ventures  included  advanced 
casting  techniques,  firewall  and  intrusion 
detection  technology,  laser  head  design  (a 
patented  melt-down  manufacturing  process), 
and  simulator  technology. 
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Foreign  Targeting  of  U.S.  Travelers 
Overseas  DSS  saw  increased  reporting  of 
foreign  collection  activities  directed  against 
U.S.  cleared  employees  on  official  or  business 
travel.  Increased  reporting  prompted  DSS  to 
categorize  this  foreign  collection  activity  as  a 
distinct  foreign  method  for  collecting  U.S. 
technology  from  U.S.  cleared  defense  employ¬ 
ees.  Suspicious  incidents  usually  occurred 
during  foreign  travel  on  trains,  at  airports  and 
in  hotels.  This  category  does  not  include  inci¬ 
dents  that  occur  at  conventions,  seminars,  or 
exhibitions.  This  MO  is  in  a  three-way  tie  at 
sixth  place  for  frequency  of  use  by  foreign 
entities.  Events  held  on  the  collector’s  home 


territory  leave  U.S.  business  travelers  vulnera¬ 
ble  to  exploitation  by  traditional  Foreign 
Intelligence  Services  (FIS)  technical  means 
(for  example,  electronic  surveillance)  and  the 
employment  of  entrapment  ploys  (such  as 
inducement  of  the  target  into  a  compromising 
situation).  Cleared  defense  contractors  should 
review  the  type  and  amount  of  information 
contained  in  the  registration,  biographic  and 
other  materials  requested  by  the  host.  A  num¬ 
ber  of  official  events  cause  U.S.  business 
travelers  to  be  recognized  by  FIS  including 
international  conventions,  combined  military 
operations  and  joint  ventures. 


In  one  case,  cleared  contractor  representatives  staying  at  the  same  hotel  reported  several 
attempts  to  gain  access  to  their  rooms.  In  another  incident,  a  defense  contractor  reported  a 
went  back  to  his  hotel  room  after  dinner  to  find  an  opened  notebook  com¬ 
puter  in  the  middle  of  the  bed.  The  computer  had  been  stored  with  the  luggage  before  din¬ 
ner.  Repeat  U.S.  visitors  have  been  assigned  to  the  same  room  over  a  long  period.  Other 
travelers  received  excessively  ’’helpful”  service  by  host  government  representatives  and 
hotel  staffs.  The  majority  of  suspicious  activity  during  overseas  travel  is  reported  in  rela¬ 
tionship  to  a  hotel  stay. 


In  other  cases,  short-term  custodial  detentions 
by  host  government  officials  occurred  at  air¬ 
ports  and  waterways  during  which  foreign 
officials  attempted  to  gain  information  regard¬ 


ing  the  U.S.  traveler’s  visit.  The  majority  of 
airport  detentions  occurred  at  only  one  foreign 
airport. 
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Foreign  Collection  Methods  by  Technology 


Technology/MO  Correlation.  As  mentioned 
in  the  introduction,  MOs  used  must  be  viewed 
in  the  context  of  the  overall  atmosphere  of  the 
collection  operation.  No  one  rule  is  applica¬ 
ble  to  all  foreign  collection  attempts. 


The  charts  below  display  the  prevalent  MOs 
employed  against  the  most  sought  after  tech¬ 
nologies. 


Figure  3 
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Assessment  of  Future  Trends 

DSS  forecasts  that  countries  assessed  as  mod¬ 
erately  and  most  active  in  2000,  will  continue 
collection  operations  at  similar  levels  against 
cleared  U.S.  defense  industry  in  2001. 

DSS  assesses  that  if  cleared  employees  and 
cleared  defense  contractors  do  not  respond  to 
requests,  foreign  collection  activities  will 
employ  additional  MOs  to  include  foreign  vis¬ 
its  and  may  also  target  other  companies. 

Based  on  2000  reporting,  DSS  believes  that 
targeting  of  cleared  defense  industry  from  for¬ 
eign  institutes,  businesses  and  individuals 
(versus  recognizable  foreign  government  enti¬ 
ties)  will  continue.  Recognizable  foreign  gov¬ 
ernment  contact  will  decrease.  DSS  assesses 
that  Foreign  Intelligence  and  Security 
Services  (FISS)  will  direct  some  of  these  col¬ 
lection  activities.  Whether  FISS  directed,  or 
motivated  by  modernization,  the  majority  of 
targeting  efforts  will  emanate/originate  from 
non-govemmental  entities. 

DSS  has  assessed  that  certain  U.S.-based  and 
foreign  entities  to  represent  foreign  illicit 
trade  as  front  companies.  Some  of  these 
assessments  were  confirmed  by  law  enforce¬ 
ment  and  non-proliferation  activities.  The 
majority  of  the  confirmations  involved  tech¬ 


nology  diversion  attempts  to  a  third  entity  in 
embargoed  nations.  Some  of  these  entities 
were  foreign  govemment/defense  activities. 
DSS  assesses  an  increase  in  law  enforcement 
and  non-proliferation  activities  associated 
with  DSS  reporting  in  2001 . 

DSS  has  identified  two  trends  associated  with 
foreign-owned  cleared  defense  facilities.  In 
several  instances,  after  attaining  favorable 
special  security  ratings  (lAW  mitigating  secu¬ 
rity  plan),  foreign  owner  will  attempt  to 
exploit  its  position  and  place  foreign  workers 
in  restricted  space,  disregard  foreign  visitor 
sign-in  logs  at  the  U.S.  facility,  and  request 
hurried  mailings  that  require  export  license. 
Several  times  foreign-owned  U.S.  facilities 
were  contacted  by  foreign  subsidiaries  of  the 
foreign  owner.  Two  cases  involved  foreign 
requests  for  export-controlled  information  that 
may  have  led  to  product  requests  if  cleared 
facility  responded  and  did  not  report  the  sus¬ 
picious  contact.  DSS  assesses  that  this 
exploitation  by  foreign  owners  will  continue. 

DSS  assesses  that  the  global  business  environ¬ 
ment  will  continue  to  provide  some  degree  of 
cover  for  foreign  government-sponsored  tar¬ 
geting  of  specific  technologies  and  that  these 
activities  at  foreign-owned  U.S.  facilities  will 
increase  in  2001. 
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Appendix 


Suspicious  Indicators  and  Security  Countermeasures  for  Foreign  Collection  Activities 
Directed  Against  the  US,  Defense  Industry 

FOREIGN  REQUESTS  FOR  INFORMATION 

Foreign  requests  for  U.S.  defense  industry  science  and  technology  (S&T)  program  information 
are  the  most  frequently  reported  method  of  operation  (MO)  associated  with  foreign  targeting 
activity.  Requests  frequently  involve  faxing,  mailing,  e-mailing,  or  telephoning  to  individual 
U.S.  persons  rather  than  corporate  marketing  departments.  The  requests  may  involve  surveys  or 
questionnaires  and  are  frequently  sent  over  the  Internet. 

Indicators 

•The  requester: 

•  has  an  e-mail  address  in  a  foreign  country. 

•  may  be  associated  with  an  embargoed  country. 

•  identifies  his  status  as  a  student  or  consultant. 

•  identifies  himself  as  a  "student"  seeking  empathy  because  his  nation  lacks  this  scientific  or 
technical  information. 

•  identifies  his  employer  as  a  foreign  government  or  the  work  is  being  done  for  a  foreign 
government  or  program. 

•  asks  about  a  technology  related  to  a  defense-related  program,  project,  or  contract. 

•  asks  questions  about  defense-related  programs  using  acronyms  specific  to  the  program. 

•  insinuates  that  the  identity  of  the  third  party  he  works  for  is  "classified". 

•  admits  he  could  not  get  the  information  elsewhere  because  it  was  classified  or  controlled. 

•  advises  the  recipient  to  disregard  the  request  if  it  causes  a  security  problem  or  if  it  is  for 
information  the  recipient  cannot  provide  due  to  security  classification,  export  controls,  and 
so  forth. 

•  assures  the  recipient  that  export  licenses  are  not  required  or  are  not  a  problem. 

•  Recipient  has  never  met  or  does  not  normally  conduct  business  with  the  sender. 

•  Technology  requested  is  classified,  International  Traffic  in  Arms  Regulation  (ITAR)-controlled, 
is  on  the  Militarily  Critical  Technologies  List,  or  has  both  commercial  and  military  applica¬ 
tions. 

•  Requests  may  be  faxed  or  mailed  to  an  individual  vice  the  company  marketing  office. 

•  Requests  may  exceed  generally  accepted  terms  of  information. 

•  Strong  suspicions  that  a  competing  foreign  company  employs  the  "surveyor". 
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Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Have  a  written  company  policy  on  how  to  respond  to  requests. 

•  Brief  employees  not  to  respond  to  suspicious  requests. 

•  Brief  employees  to  report  suspicious  incidents  to  the  Facility  Security  Officer. 

•  Review  how  much  information  you  have  in  the  open  domain. 

•  Ask  foreigner  why  he  wants  the  information,  who  he  represents,  and  for  what  the  U.S.  infor¬ 
mation  or  products  will  be  used. 

WEB-BASED  REQUESTS  FOR  INFORMATION 

Web-based  requests  continue  to  be  a  significant  source  of  foreign  targeting  of  U.S.  DoD  tech¬ 
nologies.  A  wealth  of  once  protected  information  is  now  retrievable  by  individuals  from  around 
the  world.  There  appears  to  be  a  sharp  increase  in  the  use  of  web-based  requests  by  foreign 
entities  as  a  means  to  identify  potential  targets  and  to  facilitate  the  actual  collection  of  informa¬ 
tion.  Web-based  requests  provide  a  simple,  low  cost,  non-threatening,  risk-free  means  of  world¬ 
wide  attempts  to  acquire  U.S.  DoD  technology.  Web-based  requests  are  inconspicuous  and  can 
bypass  many  traditional  security  safeguards,  thus  directly  reaching  the  target. 

Indicators 

•  The  cleared  defense  company  does  not  normally  conduct  business  with  the  foreign  requestor. 

•  The  request  originates  from  an  embargoed  coimtry. 

•  The  request  is,  in  fact,  unsolicited  or  unwarranted. 

•  Requestor  claims  to  represent  an  official  government  agency  but  avoids  proper  channels  to 
make  the  request. 

•  The  initial  request  is  directed  at  an  employee  who  does  not  know  the  sender  and  is  not  in  the 
sales  or  marketing  office. 

•  The  requestor  is  fishing  for  information. 

•  Requestor  represents  unidentified  third  party. 

•  The  requestor  is  located  in  a  country  with  a  targeting  history  directed  at  U.S.  cleared  defense 
industry. 

•  The  requestor  appears  to  be  "skirting  controls”. 

•  Several  similar  requests  are  made  over  time. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Incorporate  security  into  web  design  and  advertising. 

•  Initiate  an  active  monitoring  solution  of  web  site. 

•  Report  request  to  FSO  and  report  to  DSS  Cl  for  databasing  purpose  (in  several  situations, 
similar  requests  were  received  by  different  U.S.  cleared  facilities.) 
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SOLICITATION  AND  MARKETING  OF  SERVICES 


Consistent  with  past  reporting,  individuals,  companies  and  research  facilities  offer  their  technical 
and  business  services  to  U.S.  research  facilities,  academic  institutions  and  the  cleared  defense 
industry. 

Indicators 

•  Foreign  "scientist”  seeks  employment  associated  with  sensitive  defense  technologies. 

•  Offer  to  provide  offshore  software  support. 

•  Foreign  government-  and  business-sponsored  internships. 

•  Invitation  to  cultural  exchange,  individual-to-individual  exchange  or  ambassador  program. 

•  Offer  to  act  as  sales  or  purchasing  agent  in  foreign  country. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Report  names  of  foreign  scientists  and  engineers  whose  solicitation  concerns  classified  or 
controlled  research  and  technology. 

•  Obtain  recommendations  and  assess  risks  posed  by  software  support  in  a  foreign  land. 

•  Receive  State  Department  travel  briefings  before  departing  on  an  exchange  or  ambassador 
program. 

FOREIGN  ACQUISITION  OF  U.S.  TECHNOLOGY/COMPANY 

Foreign  entities  try  to  access  sensitive  technologies  by  purchasing  U.S.  technology  or  a  U.S. 
company  possessing  the  sensitive  technology/product. 

Indicators 

•  Companies  of  political  and  military  allies  are  most  likely  associated  with  this  activity. 

•  Foreign  competitors  seek  a  position  in  the  U.S.  company  that  affords  access  to  technology. 

•  New  employees  hired  fi-om  the  foreign  parent  company  or  its  foreign  partners  ask  to  access 
classified  data. 

•  Foreign  parent  company  attempts  to  circumvent  the  security  agreement  or,  even  earlier,  avoids 
or  otherwise  disrupts  or  hinders  the  Foreign  Ownership,  Control  or  Influence  (FOCI)  process. 

•  Foreign  parent  employees  try  to  make  exceptions  to  the  term  of  the  security  agreement. 

•  Statement  that  license  is  not  necessary. 

•  Foreign  company  ask  U.S.  company  to  send  information  or  product  to  another  U.S.-based 
company  for  transfer  overseas;  or  via  FedEx,  or  UPS  to  overseas  address. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Request  a  threat  assessment  from  the  program  office. 

•  Scrutinize  employees  hired  at  the  behest  of  foreign  entity. 
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•  Conduct  frequent  checks  of  foreign  visits  to  determine  if  foreign  interests  are  attempting  to  cir¬ 
cumvent  security  agreements. 

•  Provide  periodic  threat  briefings  to  outside  directors  and  user  agencies. 

•  Ask  what  U.S.  based  company  does.  Ask  why  company  cooperates  with  a  foreign  entity.  Ask 
why  foreigner  wants  product  express-mailed.  Ask  export  officer  if  information/product  is 
export-controlled. 

FOREIGN  VISITS  AT  U.S.  FACILITIES 

Foreign  visits  to  cleared  U.S.  defense  contractors  can  present  potential  security  risks  if  sound 

risk  management  is  not  practiced. 

Indicators 

•  A  Foreign  Liaison  Officer  or  embassy  official  escorting  a  visitor  attempts  to  conceal  official 
identities  during  a  supposedly  commercial  visit. 

•  Hidden  agendas  as  opposed  to  the  stated  purpose  of  the  visit. 

•  Last  minute  and  unannounced  persons  added  to  the  visiting  party. 

•  "Wandering"  visitor  who  acts  offended  when  confronted. 

•  Using  alternative  methods.  For  example,  if  a  classified  visit  request  is  disapproved,  the  foreign 
entity  may  attempt  a  commercial  visit. 

•  Visitors  ask  questions  during  briefing  outside  the  scope  of  the  approved  visit  hoping  to  get  a 
courteous  or  spontaneous  response. 

•  Visitor  claims  business  interest  but  lacks  experience  researching  and  developing  this 
technology. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Brief  foreign  collection  threat  to  all  employees  involved  with  the  foreign  visit.  Request  for¬ 
eign  intelligence  service  threat  assessments. 

•  Ensure  appropriate  personnel,  both  escorts  and  those  meeting  with  visitors,  are  briefed  on  the 
scope  of  the  visit. 

•  The  number  of  escorts  per  visitor  group  should  be  adequate  to  properly  control  movement  and 
conduct  of  visitors. 

EXHIBITS,  CONVENTIONS  AND  SEMINARS 

These  functions  directly  link  programs  and  technologies  with  knowledgeable  personnel. 

Conventions  may  provide  foreign  entities  with  targeting  information  to  be  used  later. 

Indicators 

•  Topics  at  seminars  and  conventions  deal  with  classified  or  controlled  technologies  and/or 
applications. 
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•  Country  or  organization  sponsoring  seminar  or  conference  has  tried  unsuccessfully  to  visit  the 
facility. 

•  Receive  invitation  to  brief  or  lecture  in  a  foreign  country  with  all  expenses  paid. 

•  Requests  for  presentation  summary  6-12  months  before  seminar. 

•  Photography  and  filming  appear  suspicious. 

•  Attendees  wear  false  nametags. 

•  Casual  conversation  and  discussions  during  and  after  these  events. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Be  aware  of  follow-up  requests  after  a  show. 

•  Consider  what  information  is  being  exposed,  where,  when,  and  to  whom. 

•  Provide  employees  with  detailed  travel  briefings  concerning  the  threat,  precautions  to  take,  and 
how  to  react  to  elicitation. 

•  Take  mock-up  displays  instead  of  real  equipment. 

•  Request  a  threat  assessment  from  program  office. 

•  Restrict  information  provided  to  that  necessary  for  travel  and  hotel  accommodations. 

•  Carefully  consider  whether  equipment  or  software  can  be  adequately  protected. 

EXPLOITATION  OF  INTERNET 

Internet  exploitation  consists  of  hacking,  probes,  scanning,  and  pinging.  This  category  is  not 
related  to  the  Internet  based  requests  for  information.  The  majority  of  cases  involve  probing 
efforts.  Although  probing  a  system  is  legal,  once  a  port  is  breached  a  crime  is  committed. 

Indicators 

•  Computer  probes  are  most  likely  searching  for  potential  weaknesses  in  systems  for  exploitation 

•  Network  attacks  originated  from  foreign  Internet  service  providers. 

•  Attacks  last  over  a  period  of  a  day. 

•  Several  hundred  attempts  are  made  to  use  multiple  passwords. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Have  firewall  monitoring  software  that  logs  all  intrusion  attempts  and  any  malicious  activity. 

•  Have  the  appropriate  level  of  protection  in  place  to  repel  such  an  attack. 

•  When  a  probe  is  noted,  heighten  security  alert  status. 

JOINT  VENTURE/  RESEARCH 

Co-production  and  various  exchange  agreements  potentially  offer  significant  opportunities  for 
foreign  interests  to  target  restricted  technology. 
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Indicators 


•  Resident  foreign  representative: 

•  faxes  documents  to  an  embassy  or  another  country  in  a  foreign  language. 

•  wants  to  access  the  local  area  network  (LAN). 

•  wants  unrestricted  access  to  the  facility. 

•  singles  out  company  personnel  to  elicit  information  outside  the  scope  of  the  project. 

•  Enticing  U.S.  contractors  to  provide  large  amounts  of  technical  data  as  part  of  the  bidding 
process,  only  to  have  the  contract  canceled. 

•  Potential  technology  sharing  agreements  during  the  joint  venture  are  one-sided. 

•  Foreign  organization  sends  more  foreign  representatives  than  is  necessary  for  the  project. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Review  all  documents  being  faxed  or  mailed  and  have  someone  translate. 

•  Provide  foreign  representatives  with  stand  alone  computers. 

•  Share  the  minimum  amount  of  information  appropriate  to  the  scope  of  the  joint 
venture/research. 

•  Extensively  educate  employees  on  the  scope  of  the  project  and  how  to  deal  with  and  report 
elicitation.  Periodic  sustainment  training  must  follow  initial  education. 

•  Refuse  to  accept  unnecessary  foreign  representatives  into  the  facility. 

TARGETING  OF  U.S.  CONTRACTORS  ABROAD 

Suspicious  activity  occurs  on  collector’s  home  territory  leaving  U.S.  travelers  vulnerable  to 
exploitation,  including  that  by  Foreign  Intelligence  Services  (FIS).  Frequently,  FIS  recognize 
U.S.  travelers  who  are  engaged  in  international  conventions,  support  to  combined  military  oper¬ 
ations,  and  joint  ventures. 

Indicators 

•  Technical  means  (for  example,  electronic  surveillance). 

•  Entrapment  schemes  such  as  honeytrap,  black  market  and  extortion. 

•  Repeat  stays  in  the  same  room  of  the  same  hotel. 

•  Several  attempts  are  made  to  access  room  by  service  personnel. 

•  Excessively  helpful  assistance. 

•  Undue  questioning  by  port  authorities. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan 

•  Cleared  defense  contractors  should  review  the  type  and  amount  of  information  he/she  provides 
and  withhold  non-essential  biographic  and  other  data  requested  by  the  host. 
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WORK  OFFERS 


Foreign  scientists,  students,  and  engineers  will  offer  their  services  to  research  facilities, 
academic  institutions,  and  even  cleared  defense  contractors.  This  may  be  a  MO  to  place  a  for¬ 
eign  national  inside  the  facility  to  collect  information  concerning  a  desired  technology. 

Indicators 

•  Foreign  applicant  has  a  scientific  or  engineering  background  in  a  technical  area  for  which 
his/her  country  has  been  identified  as  having  a  collection  requirement. 

•  Foreign  applicant  offers  services  for  "free,”  stating  that  a  foreign  government  agency,  military 
activity,  university,  or  corporation  is  paying  expenses. 

•  Foreign  intern  (students  working  on  masters  or  doctorate)  offers  to  work  without  pay  under  a 
knowledgeable  individual,  usually  for  a  period  of  2-3  years. 

•  The  technology  in  which  the  foreign  individual  wants  to  work  or  conduct  research  is  frequently 
related  to,  or  may  be  classified,  ITAR ,  MCTL  or  export-controlled. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Provide  employees  periodic  security  awareness  briefings  about  long-term  foreign  visitors. 

•  Check  backgrounds  and  references  of  foreign  job,  research  and  intern  applicants. 

•  Request  a  threat  assessment  from  the  program  office  whose  goals  are  associated  with  the 
foreign  interest. 

CO-OPTING  FORMER  EMPLOYEES 

Former  employees  who  had  access  to  sensitive,  proprietary,  or  classified  S&T  program  informa¬ 
tion  remain  a  potential  counterintelligence  concern.  Targeting  cultural  commonalties  to  establish 
rapport  is  often  associated  with  this  collection  attempt.  Former  employees  may  be  viewed  as 
excellent  prospects  for  collection  operations  and  considered  less  likely  to  feel  obliged  to  comply 
with  U.S.  Government  or  corporate  security  requirements. 

Indicators 

•  Former  employee  takes  a  job  with  a  foreign  company  working  on  the  same  technology. 

•  Former  employee  maintains  contact  with  former  company  and  employees. 

•  An  employee  alternates  working  with  U.S.  companies  and  foreign  companies  every  few  years. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan 

•  Brief  employees  to  be  alert  to  actions  of  former  employees  returning  to  the  facility. 

•  Have  a  policy  concerning  visitation  or  contacts  with  current  employees  by  former  employees. 
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•  Debrief  former  employees  upon  termination  of  employment  and  reinforce  their  legal 
responsibilities  to  protect  classified,  proprietary,  and  export-controlled  information. 

TARGETING  CULTURAL  COMMONALITIES 

Foreign  entities  exploit  the  cultural  backgroxmd  of  company  personnel,  visitors  and  visited,  to 

elicit  information. 

Indicators 

•  Employees  receive  unsolicited  greetings  or  other  correspondence  from  embassy,  company, 
or  coimtry  of  family’s  origin. 

•  Employees  receive  invitations  to  visit  country  of  family’s  origin  for  purpose  of  providing 
lecture  or  receiving  an  award. 

•  Foreign  visitors  single  out  company  personnel  of  same  cultural  backgroimd  with  whom  to 
work  or  socialize. 

Recommended  Security  Countermeasures 

•  Have  a  technology  control  plan. 

•  Brief  all  employees  on  this  MO  and  address  it  in  the  company  reporting  policy. 

•  Monitor  foreign  visitor  activities  for  indications  of  their  targeting  of  company  personnel. 

•  Report  suspected  targeting  as  early  as  possible  to  minimize  potential  problems. 
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